5 Internal Audit Resolutions for 2022

5 Internal Audit Resolutions for 2022

When a new year dawns, we tend to embrace it with optimism and confidence despite the uncertainty that lies ahead. I don’t know whether this hopeful outlook is driven by the celebration that surrounds the date or whether that optimism is what drives the festivities. Whatever the case, the New Year also pushes us to set goals and resolve to better ourselves and be more effective in our personal and professional lives.

My custom for the past several years is to use my first blog post of the year to set out New Year’s resolutions for the profession that highlight emerging or anticipated issues. My resolutions blog post for 2022 focuses on the unique perspective we have as auditors in a (partially) post-pandemic environment. While 2020 brought chaos and the need for quick decision-making, 2021 ushered in risks related to supply and logistics issues, talent shortages, and large-scale cyber attacks. 2020 was a lesson on anticipating the next risk, and this past year continues to teach us what happens when we don’t. As my top five New Year’s resolutions for 2022 illustrate, we must leverage the lessons the pandemic has been teaching us — including the importance of continuously revisiting such resolutions themselves.

1. Keep your eyes on the horizon. 

Internal auditors should look forward and anticipate the next risk coming our way. Our stakeholders are counting on us to help them understand the impact and likelihood of emerging risks, especially in a time of intense uncertainty and unpredictability. If we become absorbed in the risks we identified in the last assessment while missing those on the horizon, we are likely to get caught off guard. We need to look forward so we can see what is coming in the next week, months, and years ahead. An excellent resource on potential risks is Protiviti and North Carolina State’s Executive Perspectives on Top Risks for 2022 and 2031. This powerful study provides insight into the risks and risk themes being discussed by global executives. 

2. Establish better collaboration with other Audit, Risk, and Compliance functions. 

Collaboration across the three lines of defense has never been more important. Organizations are stronger when all the audit, risk, and compliance functions work together and leverage their different perspectives to address critical risks. Presenting a united front against emerging risks not only protects value, but can create value for the organizations we serve. Collaboration allows us to leverage each other’s competencies, roles, and responsibilities so we can work toward a common objective. By combining our collective assurance expertise to assess and monitor risks and provide clear communication to executive management, we can empower the business to effectively respond to emerging risks and take advantage of unexpected opportunities during a time of volatility.

3. Get to know your third parties better. 

Businesses depend on one another for success, but your business partners are also a source of risk. In the past year, supply chain disruption has slowed or stopped the production of goods when suppliers could not fulfill their commitments. How well do you know your third-party suppliers? As internal audit leaders, we should be more cognizant of our critical third-party partners’ risk and control environment. Understanding our partners requires us to be aware of their compliance environment, know how their internal audit team operates, vet their risk management methodology, and interpret their risk culture. Keep in mind that digging into this level of detail may require a specific right to audit clause in the contract, so consult with your legal counsel first.

4. Focus on expense containment. 

Inflation is one of the top five risks executives see on the horizon, and unless you’re an old auditor like me, not many internal auditors in developed nations have experienced this particular risk event. The last time we faced double-digit inflation in the US was in the late 1970s and early 1980s. We must be prepared for this scenario to happen again. During an inflationary period, financial planning becomes unreliable as expenses rise unpredictably, outpacing revenues, and cutting deeply into profitability. A proactive role internal auditors can take is to ensure management focuses on protecting the bottom line through expense containment before the inflation period. 

5. Expect the unexpected and leverage the lessons of the past two years. 

The pandemic has been a learning experience for assurance professionals. With the level of risk volatility and velocity we have experienced, we seem to be utterly and constantly surprised by unfolding events. At this point, anyone not anticipating a new COVID variant every few weeks has not learned anything from the past two years. We are entering the third year of the most significant, disruptive event of the past century. Several generations are likely to mark time as pre and post-pandemic. Learn from the events that made headlines to avoid repeating the inevitable mistakes that were made.

Volatile Times Call for Continuous Resolutions

We have no delusions about the challenging times in which we are living. To thrive in this environment, we keep our heads up and always look ahead. Having resolutions helps us to stay focused, avoid complacency, and keep our priorities straight. In keeping with our theme, we also need to be prepared to introduce new resolutions along the way as we face unanticipated emerging risks. Just as we have continuous auditing and risk assessments, we should develop a practice of continuous resolutions to keep our goals fresh and relevant to confront the unfolding changes that await us. 

Richard

Richard Chambers, CIA, CRMA, CFE, CGAP, is the CEO of Richard F. Chambers & Associates, a global advisory firm for internal audit professionals, and also serves as Senior Advisor, Risk and Audit at AuditBoard. Previously, he served for over a decade as the president and CEO of The Institute of Internal Auditors (IIA). Connect with Richard on LinkedIn.